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Amendment *he Claims: 



This listing of claims wUl replace all prior versions, and listings, of claims in 
the application: 



Listing of Claims: 



Claim 1 (currently amended) 
Claim 2 (currently amended) 
Claim 3 (currently amended) 
Claim 4 (currently amended) 
Claim 5 (currently amended) 
Claim 6 (currently amended) 
Claim 7 (currently amended) 
Claim 8 (currently amended) 
Claim 9 (currently amended) 
Claim 10 (currently amended) 
Claim 11 (currently amended) 
Claim 12 (original) 
Claim 13 (currently amended) 
Claim 14 (currently amended) 
Claim 15 (currently amended) 
Claim 16 (currently amended) 
Claim 17 (currently amended) 
claim 18 (currently amended) 
Claim 19 (currently amended) 
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Claim 20 (currently amended) 
Claim 21 (currently amended) 
Claim 22 (currently amended). 
Claim 23 (currently amended) 
Claim 24 (original) 
Claim 25 (currently amended) 
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1. (Currently amended) 

A method of creating certificates with redundant information to certify several 
keys, wherein each of the certificates comprises a defined number of data elements 
which at least contain information on the a certification body (issuer of the 
certificate),-^ a user of the certificate and the a key certified by the certificate, 
characterized by the following steps: 

a) Specification s pecification of a request for certification of one or more 
of several keys by [[a]] the certification body for [[a]] the user[[.]] ; 



b) [[If]] if in step a) only one key is to be initially certified, and no basic 
certificate is yet available for the user, creation of a basic certificate for 
the user with a defined number of data elements which, in the 
certification process, are identical for the respective user in conjunction 
with th e respective certification body[[.]] i 

c) Addition addition of an identifying characteristic to the basic 
certificate^.]] i 

d) Generation generation of a digital signature for the basic 
certificate^.]] I 

e) Addition addition of the digital signature to the basic certificate^.]] ; 



f) Generation generation of a key pair[[.]] I 
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g) Creation creation of a supplementary certificate for the basic certificate 
with a key as set out in step f), the identifying characteristic as set out 
in step c) and additional data fields not registered by the basic 
certificate^.]] ; 

h) Generation generation of a digital signature for the supplementary 
certificate^.]] ; 

i) Addition addition of the digital signature to the supplementary 
certificate^.]] ; 

j) Use use of an existing basic certificate for the only one key when the 
one key shares the redundant information with the existing basic 
certificates[[.]] :and 

k) tfee use of the basic certificate created in step b) for future keys that 
share the redundant information with the basic certificate. 



2. (Currently amended) 

The method in accordance with Claim 1, characterized in that the basic 
certificate comprises the following data elements: 

- Name name of the certification body.,. 

- User user ID of the certification body A 

- Name name of the user,, 

- User user ID of the use r, and 

- Identifying identifying characteristic of the basic certificate,. 
SN 09/483,358 5 



GE999008 



3. (Currently amended) 

The method in accordance with Claim 1, characterized in that the 
supplementary certificate comprises the following data elements: 

- Signature a signature algorithm,, 

- Key a key, 

- Serial serial number of the key,. 

- Validity a validity period of the certificate 4 

- Rvtaminnn extensions, and 

- Identifying an identifying characteristic of the basic certificate. 

4. (Currently amended) 

The method in accordance with Claim 1, characterized in that if step a) 
reveals that more than one key with the same validity period is to be certified at one 
time, instead of steps b) - i) the following steps are executed: 

aa) Generation generation of several key pairs[[.]] I 

bb) Generation generation of a single group certificate (group certificate) 
for the several keys with all data elements necessary for the individual 
keys and keys generated in step aa), with only a single recitation of 
data elements redundant to all the several keys in the group , 
certificate^.]] I 

cc) Generation generation of a digital signature for the group certificate[[.]] 
: and 



dd) Addition addition of the digital signature to the group certificate. 
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5. (Currently amended) 

The method in accordance with Claim 4, characterized in that the basic 
certificate contains the following data elements: 

- Name name of the certification body* 

- User user ID of the certification body.,. 

- Name name of the user; 

- User user ID of user; 

- Type/version type/version of the certificate^ 

- Number number and types of keys,. 

- Key a key, 
- Validity validity, 

- Serial serial numbe r, and 

- Rxtcnsiona extensions. 

6. (Currently amended) 

The method in accordance with Claim 1 characterized in that, if only one key 
is to be certified in step a) and a basic certificate already exists as stated in step j) or 
k), instead of steps b) - i) the following steps are executed: 

aa) Definition definition of the basic certificate and reading of the 
identifying characteristics of the basic certificate[[.]] I 

bb) Generation generation of a key pair[[.]] I 
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cc) €***ie* creation of a supplementary certificate for the basic certificate 
with additional data fields not registered by the basic certificate, 
wherein one of the keys is inserted into the supplementary certificate in 

step bb)[[.]] 1 

dd) fesertiea insertion of the identifying characteristics in accordance with 
step aa) into the supplementary certificate to locate the associated basic 
certificate[[.]] ; 

ee) Generation generation of a digital signature for the supplementary 
certificate[[.]] ; and 

ff) Addition addition of the digital signature to the supplementary 
certificate. 



7. (Currently amended) 

The method in accordance with Claim 6, characterized in that the any 
supplementary certificates each contain the following data elements: 

- Signature a signature algorithm^. 

- Kev a key. 

- Serial serial number of the key* 

- Validity validity period of the certificate^ 

- r.vtcnsiong extensions, and 

- Identifying identifying characteristic of the basic certificate,. 
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8. (Currently amended) 

The method for creating a certificate for simultaneous certification of several 
keys with the same validity period, wherein the certificate comprises a defined 
number of data elements which at least contain information on the certification body 
(issuer of the certificate), the user of the certificate and the key certified by the 
certificate, characterized by the following steps: 

aa) Generation generation of several key pairs[[.]] ; 



bb) Generation generation of a single joint or group certificate (group 
certificate) for several keys with all data elements necessary for the 
individual keys and keys generated in step aa), with the group 
certificate containing only a single recitation of data elements[[.]] i 

cc) Generation generation of a digital signature for the group 
certificate^.]] ; and 

dd) Addition addition of the digital signature to the group certificate. 



9. (Currently amended) 

The method in accordance with Claim 8, characterized in that the group 
certificate contains the following data elements: 

- Name name of the certification body,, 

- Use? user ID of the certification body A 

- Name name of the user, 
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- User user ID of the user A 

- Typc/vcraion tvpe/version of the group certificate* 

- Number number and types of keys A 
-Key- key, 

- Validity validity, 

- Serial serial numbe r, and 
- Rxtcnaiong extensions. 

10. (Currently amended) 

A method for creating a certificate for certification of a new key for a user, 
wherein the certificate comprises a defined number of data elements which at least 
contain information on the a certification body (issuer of the certificate),-^ a user 
of the certificate and the key certified by the certificate, wherein a basic certificate 
for the user already exists and the basic certificate comprises data elements which, 
in the certification process, are identical for the respective user in conjunction with 
the respective certification body, characterized by the following steps: 

aa) Definition definition of the basic certificate for the user and reading of 
the identifying characteristics of the basic certificate[[.]] i 

bb) Generation generation of a key pair for the new key[[.]] ; 

cc) Creation creation of a supplementary certificate for the basic certificate 
with additional data fields not registered by the basic certificate, 
wherein one of the keys of the key pair generated in step bb is inserted 
into the supplementary certificate in 3tcp bb). ; 
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dd) Insertion insertion of the identifying characteristics in accordance with 
step aa) into the supplementary certificate to locate the associated basic 
certificate[[.]] I 

ee) Generate generation of a digital signature for the supplementary 
certificate[[.]] : and 

ff) Addition addition of the digital signature to the supplementary 
certificate. 

11. (Currently amended) 

The method in accordance with Claim 10, characterized in that the 
supplementary certificate contains the following data elements: 

- Signature a signature algorithm, 

- Key a key, 

- Serial serial number of the key.,. 

- Validity validity period of the certificate^ 

- Fxtcnaiona extensions, 

- Identifying an identifying c haracteristic of the basic certificate.. 

12. (Original) 

The method in accordance with Claim 8, characterized in that the key is a 
public key. 
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13. (Currently amended) 

The method in accordance with Claim 1, characterized in that the basic 
certificate and the supplementary certificate are stored in the a non-volatile memory 
of a chipcard. 

14. (Currently Amended) 

The method in accordance with Claim 4, characterized in that the basic 
certificate (group certificate) is stored in the a non- volatile memory of a chipcard. 

15. (Currently amended) 

The method for reading certificates created in accordance with Claim 1, 

characterized by the following steps: 

a) Check check of the storage medium for presence of basic 
certificates^.]] ; 

b) if if a basic certificate is present, identification of the necessary 
supplementary 

certificate^.]] i 

c) Read - in reading-in of the supplementary certificate to into the RAM of 
a system[[.]] i 

d) Definition definition of the identification number of the basic 
certificate from the supplementary certificate[[.]] ; and 



e) Read - in reading-in o f the basic certificate to into the RAM. 
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16. (Currently amended) 

The method in accordance with Claim 15, characterized in that, if no basic 
certificate could be identified in step a), instead of steps b) - e) the following steps 
are executed: 

f) Check check of the storage medium for presence of group 
certificates!!.]] : and 

g) Read in reading-in of the a necessary group certificate[[s]] te into the 
RAM. 

17. (Currently amended) 

The method for reading of certificates created in accordance with Claim 10, 
characterized by the following steps: 

a) Check check o f the storage medium for presence of group 
certificates^.]] : and 

b) Read - in reading-in of the a necessary group certificate te into the 
RAM. 

18. (Currently amended) 

The method in accordance with Claim 17, characterized in that the storage 
medium is a non- volatile memory of the a chipcard. 
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19. (Currently amended) 

A computer program product on a computer usable medium for creating [[a]] 
certificates to certify several keys sharing redundant information, wherein the a 
certificate comprises a defined number of data elements which at least contain 
information on the certification body (issuer to the certificate), the user of the 
certificate and the key certified by the certificate, said computer program product 
comprising: 

a) software for specification of a request for certification of at least one of 
the several keys by a certification body for a user; 

b) software for creation of a basic certificate for the user with a defined 
number of data elements which, in the certification process, are identical for 
the respective user in conjunction with the respective certification body when 
initially only one key is to be certified, and no basic certificate is yet available 
for the user; 



c) software for the addition of an identifying characteristic to the basic 
certificate; 

d) software for the generation of a digital signature for the basic 
certificate; 

e) software for the addition of the digital signature to the basic certificate; 



f) software for generation of a key pair; 
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g) software for creation of a supplementary certificate for the basic 
certificate with a key as set out in f), the identifying characteristic as set out in 
c) and additional data fields not registered by the basic certificate; 

h) software for generation of a digital signature for the supplementary 
certificate; 

i) software for addition of the digital signature to the supplementary 
certificate; and 

j) use of the basic certificate created in step b) with future keys that share 
the redundant information with the basic certificate by issuing an 
additional supplementary certificate with a new key pair. 



20. (Currently amended) 

The computer program product in accordance with Claim 19, characterized in 
that the basic certificate comprises the following data elements: 



Name name of the certification body A 
¥sef user ID of the certification body,. 
Name name of the user,. 
User user ID of the use r.and 

Identifying identifying characteristic of the basic certificate. 
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21. (Currently amended) 

The computer program product in accordance with Claim 19, characterized in 
that the supplementary certificates comprise the following data elements: 

Signature a signature algorithm^. 
Key a key, 

Serial a serial number of the key A 
Validity a validity period of the certificate,, 
F.xtenriiona extensions, and 

Identifying identifying characteristic of the basic certificate. 
22. (Currently amended) 

The computer program product in accordance with Claim 19, characterized in that if 
more than one key with the same validity period is to be certified at one time, the 
following software replaces the software of b) to i)[[;]] : 

aa) software for generation of several key pairs; 

bb) software for generation of a certificate (group certificate) for several 
keys with all data elements necessary for the individual keys and keys 
generated in step aa), omitting the redundant data elements; 

cc) software for generation of a digital signature for the certificate; and 

dd) software for addition of the digital signature to the certificate. 
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23. (Currently amended) 

The computer program product software in accordance with Claim 22, 
characterized in that the soup, certificate contains the following data elements: 



Name name of the certification body A 
JJse? user ID of the certification body* 
Name name of the user,, 
^sef user ID of the user^ 
Typc/vcraiea type/version of the certificate^ 
Number number and types of keys,. 
Key a key, 
Validity validity^ 
Seria l serial Numbe r, and 
extensions. 



24. (Original) 

The computer program product in accordance with Claim 19, characterized i 
that, if only one key is to be certified and a basic certificate already exists, the 
following software replaces the software of b) to i): 

aa) software code definition of the basic certificate and reading of the 
identifying characteristics of the basic certificate; 



bb) software code for generation of a key pair; 
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CC ) software code for creation of a supplementary certificate for the basic 
certificate with additional data fields not registered by the basic certificate, 
wherein one of the keys is inserted into the supplementary certificate by step 

bb); 

dd) software code insertion of the identifying characteristics in accordance 
with step aa) into the supplementary certificate to locate the associated basic 
certificate; 

ee) software code generation of a digital signature for the supplementary 
certificate; and 

fi) software code addition of the digital signature to the supplementary 
certificate. 



25. (Currently amended) 

The computer program product in accordance with Claim 24, characterized i 
that the supplementary certificate contains the following data elements: 

ftignaturo a signature algorithm,. 
Key a key, 

Serial serial number of the key A 

Validity validity period of the su pplementary certificate,. 

Rytnnaion f i extensions, and 

Identifying identifying characteristic of the basic certificate. 
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